Two updates to this post can be found at the bottom. Thank you to Roberto Tamassia for quickly responding on behalf of the Brown University CS Department.
The following is just a quick overview of the spam attack somebody perpetrated on the wiki last night.
Situation
A visitor created 8 new spammy articles using 6 different accounts and 2 IP addresses. Each was formatted almost identically:
Example of Spam Article. Click to Enlarge
All contained the following lead-in text:
NOTICE: The data below is posted by a program which is part of the Graffiti research project from Brown University. We will remove the data from your site once the experiment is finished. If you want to delete this, please do so as you would delete a spam page. For more information, please visit http://graffiti.cs.brown.edu/info/.
Followed by thousands of nonsense characters.
Why Is This Spam?
Following the link leads to a supposed page on brown.edu that outlines a research project:
We are trying to determine whether it storing data on multiple third-party sites on the Internet is a viable solution for data persistence in peer-to-peer systems.
I have serious doubts about the legitimacy of this project, so I’m awaiting a response from the Department Chair of Brown University’s CS department. If it turns out not to be sponsored by Brown, I will update this post.
Reasons for classifying this as spam (and why I’m pissed about it as the wiki admin):
- It does not add value to the wiki’s visitors.
- It does not serve the purpose of the wiki (a community resource for Richmond, VA).
- If Brown University were conducting research in this area they should have contacted the site admins (i.e. me) to ask if our site could be used in the sample. Chances are I would have agreed to participate in academic research if approached ahead of time.
- Around the same time this happened, a Twitter user named GraffitiGuy followed the RVAWiki account, which is the automated RSS feed of the wiki’s recent changes. The coincidence between his username, the time he followed us, and the name of the spam project is too strong to ignore. Just one glance at his profile tells me that he is into some less than savory online ventures. Had he done any research, he could have easily found the @RichmondWiki Twitter account that posts actual news and updates from the wiki.
- Tracing the IP address leads back to Brown University’s servers.
In Conclusion
This spam was relatively easy to clean up. The 8 articles were deleted and the fake user accounts will be blocked. If their documentation is correct (and legitimate), we won’t be targeted again.
If it happens again we’ll implement more robust IP blocking and wiki lockdown measures.
[Update #1 Forums - other wiki owners]
There are a couple of threads on MWUsers.com (a wiki forum) that are tracking this as well:
[Update #2 Response from Brown University]
Roberto Tamassia is the Chair of the Brown University CS Department. He responded quickly to an email I sent regarding the Graffiti project. His reponse is posted in its entirety.
Andrew,
Thanks to you and other wiki owners who alerted me to this problem. I am very sorry for the inconvenience.
I was not aware of the graffiti project and after seeing several complaints in my mailbox this morning, I immediately conducted an investigation. I found that it is a project led by two graduate students, Andrew Pavlo (PhD) and Ning Shi (Master’s), who have been working on it independently. I have just talked to Pavlo reproaching him for his conduct. Pavlo is taking down the system and removing as much as possible the data placed by it. I have also asked him to post an apology on the project website.
The CS department values research integrity and will further investigate the matter according to university policies. For what I have seen so far, this incident seems to have been caused by naive behavior by two students and not deliberate misconduct. In particular, Pavlo is a promising second-year PhD student, full of enthusiasm for research. I regret that he did not consult with his advisor about the ethical and legal implications of his approach to measuring spam persistence in wikis. Also, I hope he learned from his mistake.
Again, I am sorry for the problems caused to your website.
Best regards,
Roberto
Roberto Tamassia
Professor and Chair
Department of Computer Science
Brown University
Thanks to Mr. Tamassia for his quick and honest response. I’m sure the entire wiki community feels the same gratitude.
Possibly Related Posts:
{ 2 comments… read them below or add one }
Thanks for the quick writeup on this and the response. Like you, I’m surprised that anyone even thought this was a good idea in the first place.
On the other hand, if you want to hide persistent data in Usenet news posts, I think you might have something going for you….
This is the type of thing an Internal Review Board should be catching… When will there be an “inhuman data” review board — for when your data not at all related to humans can cause social problems.
{ 1 trackback }